HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Configuration Guide - Page 58
Configuration guidelines
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 58 highlights
Configuration guidelines When you configure temporary user role authorization, follow these guidelines: • To enable users to obtain temporary user roles, you must configure user role authentication. Table 10 describes the available authentication modes and configuration requirements. • Local password authentication is available for all user roles, but remote AAA authentication is available only for level-n user roles. { If HWTACACS authentication is used, use a user account that has the target user role level or a user role level higher than the target user role. For example, if the user account test has the user role level-3, you can use this user account to obtain the authorization of the level-0, level-1, level-2, or level-3 user role. By using this method, you must enter the correct username and password to pass authentication. { If RADIUS authentication is used, you must create a user account for each level-n user role in the $enabn$ format or the $enabn$@domain-name format, where n represents the user role level. By using this metehod, the username you enter is ignored. You can pass authentication as long as the password is correct. • If you execute the quit command after obtaining a temporary user role, you are logged out of the device. Table 11 Use role authentication modes Keywords local scheme local scheme scheme local Authentication mode Description Local password authentication only (local-only) The device uses the locally configured password for authentication. If no local password is configured for the user role in this mode, an AUX user can obtain the user role authorization by either entering a string or not entering anything. Remote AAA authentication through HWTACACS or RADIUS (remote-only) The device sends the username and password to the HWTACACS or RADIUS server for remote authentication. To use this mode, you must perform the following configuration tasks: • Configure the required HWTACACS or RADIUS scheme and configure the ISP domain to use the scheme for the user. For more information, see Security Configuration Guide. • Add the user account and password on the HWTACACS or RADIUS server. Local password authentication first, and then remote AAA authentication (local-then-remote) Local password authentication is performed first. If no local password is configured for the user role in this mode: • The device performs remote AAA authentication for VTY users. • An AUX user can obtain a temporary user role by either entering a string or not entering anything. Remote AAA authentication first, and then local password authentication (remote-then-local) Remote AAA authentication is performed first. If the HWTACACS or RADIUS server does not respond or the remote AAA configuration on the device is invalid, local password authentication is performed. 51